Have a moment for some good reading?
- http://www.lg-hack.info/cgi-bin/sn_forumr.cgi?cid=2675&fid=2679&tid=2693
- http://lg-tv-lcd-firmware.wikispaces.com/
- http://www.gossamer-threads.com/lists/mythtv/dev/356287
- http://hackaday.com/2009/10/18/samsung-tv-firmware-hacking/
- http://samygo.sourceforge.net/
While the reading may not be “good” in the sense of reading a good Star Trek novel (yes I read them ;) ), the implications of the TV OS hack methodologies explained in the above links gives one cause for pause.
The PC industry, especially on the Microsoft side with Apple recently taking up their security slack with key personnel hiring, has the infrastructure in place to address vulnerabilities. But, it looks as though vendors/manufacturers of products that drop some sort of OSS distro on their boxes will need to learn the same _hard_ lessons.
Currently, it looks to be quite simple to get into the LCD TVs with full shell access. No security, no authentication, nothing. Depending on the horsepower driving everything underneath it all, there are lots of ways to work this situation.
With many of these new devices needing an Internet connection for whatever new features they are implementing, there will be a need for us to be aware of whether they are properly secured or not.
If not secured, then a serious decision needs to be made about whether that device should be purchased or if purchased then if it should be plugged in to an Internet connection.
The thought of a worldwide BotNet of LCD TVs is hopefully a fiction . . . at least today.
Links and thoughts courtesy of ObiWan a fellow MVP. Thanks for that and the insights Andrea!
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book
*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.
There's quite a few PVRs out there that also have remote root access without requiring a password. It's the late 80s/early 90s all over again!
ReplyDelete